Closed Bug 457416 Opened 11 years ago Closed 11 years ago

TM: Crash @ js3250.dll!nanojit::LirBufWriter::insFar(nanojit::LOpcode op=LIR_tramp, nanojit::LIns * target=0xb5884100) Line 401 + 0x3 bytes

Categories

(Core :: JavaScript Engine, defect, critical)

x86
Windows Vista
defect
Not set
critical

Tracking

RESOLVED WORKSFORME

People

(Reporter: ilkkap, Unassigned)

Details

(Keywords: crash)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b1pre) Gecko/20080926033937 Minefield/3.1b1pre (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b1pre) Gecko/20080926033937 Minefield/3.1b1pre (.NET CLR 3.5.30729)

I enabled both jit options from about:config.
From there on, Minefield crashes just after login to facebook.

Reproducible: Always

Steps to Reproduce:
1. Enable both jit options
2. Login to facebook

Actual Results:
Crash

Expected Results:  
No crash

Call stack:

>	js3250.dll!nanojit::LirBufWriter::insFar(nanojit::LOpcode op=LIR_tramp, nanojit::LIns * target=0xb5884100)  Line 401 + 0x3 bytes	C++
 	js3250.dll!nanojit::LirBufWriter::ensureReferenceable(nanojit::LIns * i=0x00000018, int addedDistance=3)  Line 265	C++
 	js3250.dll!nanojit::LirBufWriter::insCall(unsigned int fid=46, nanojit::LIns * * args=0x0022eab0)  Line 968 + 0x14 bytes	C++
 	js3250.dll!nanojit::CseFilter::insCall(unsigned int fid=46, nanojit::LIns * * args=0x0022eab0)  Line 1801 + 0xc bytes	C++
 	js3250.dll!FuncFilter::insCall(unsigned int fid=44, nanojit::LIns * * args=0x0022eadc)  Line 684	C++
 	js3250.dll!TraceRecorder::record_JSOP_GETELEM()  Line 4638	C++
 	js3250.dll!js_Interpret(JSContext * cx=0x03e9c600)  + 0x47956 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x03e9c600, unsigned int argc=1, long * vp=0x05cac314, unsigned int flags=0)  Line 1324 + 0xa bytes	C++
 	js3250.dll!js_fun_apply(JSContext * cx=0x03e9c600, unsigned int argc=1, long * vp=0x05cac2fc)  Line 1732	C++
 	js3250.dll!js_Interpret(JSContext * cx=)  Line 4986	C++
 	js3250.dll!js_LookupPropertyWithFlags(JSContext * cx=0x05c509e0, JSObject * obj=0x05c50260, long id=1, unsigned int flags=1, JSObject * * objp=0x00000016, JSProperty * * propp=0x05ce3464)  Line 3395	C++
 	js3250.dll!6e23ec8f() 	
 	js3250.dll!6e23ecd7()

Version: unspecified → Trunk
Assignee: nobody → general
Severity: major → critical
Component: General → JavaScript Engine
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Summary: FF31b1pre - Crash @ js3250.dll!nanojit::LirBufWriter::insFar(nanojit::LOpcode op=LIR_tramp, nanojit::LIns * target=0xb5884100) Line 401 + 0x3 bytes → TM: Crash @ js3250.dll!nanojit::LirBufWriter::insFar(nanojit::LOpcode op=LIR_tramp, nanojit::LIns * target=0xb5884100) Line 401 + 0x3 bytes

I'm hitting this too: http://crash-stats.mozilla.com/report/index/e374e642-8efa-11dd-a502-001a4bd43ed6?p=1

URL: http://blog.mozilla.com/bhearsum/wp-admin/post-new.php (sorry, can't give out credentials.)

Build: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b1pre) Gecko/20080929020507 Minefield/3.1b1pre ID:20080929020507

Status: UNCONFIRMED → NEW
Ever confirmed: true

I got this issue reported in my forum; supposedly it only happens when Adblock Plus is enabled (meaning that a JS content policy is installed). I could reproduce it in the current nightly:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080930093007 Minefield/3.1b1pre

URL: http://www.blogger.com/comment.g?blogID=19336675&postID=1727342678535742344

Crash: http://crash-stats.mozilla.com/report/index/f874b033-8f80-11dd-8fa1-001cc45a2c28

I think David is working on this. David, can you look at the stack traces and then dup this one?

After the latest nightly update it seems to be working for me. Guess this was a duplicate? No crashes... yet.

Indeed, I can't reproduce this. There was a crash bug related to the information in these crash reports, but it was fixed two days ago.

If anyone else still gets this problem with the latest nightly please re-open or post back.

Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Resolution: FIXED → WORKSFORME
Blocks: abp